One of the first things one must know about managing an Active Directory environment is knowing which Domain Controllers hold the FSMO roles. Typically, all FSMO roles exist in the first DC of a forest that happens automatically when you install Active Directory, at least on the smallest infrastructure. This, of course, can change along the way by moving one or more FSMO roles to different servers.
The 5 FSMO roles are as follows:
- Schema Master (forest-wide)
- Domain Naming Master (forest-wide)
- RID Master (domain-specific)
- PDC Emulator (domain-specific)
- Infrastructure Master (domain-specific)
There are several ways to find out which Domain Controller hold FSMO roles. This is done through the graphical environment, the PowerShell, and the command line, as the case may be. In the following steps, the actions are done on a DC with a Domain Administrator account.
Determine FSMO role holders using the GUI
How to determine which DC has the domain-specific FSMO roles, ie RID Master, PDC Emulator and Infrastructure Master.
Open the Active Directory Users and Computers console, right-click the domain and then Operations Masters.
Here, on each tab, you can see which Domain Controller has the above FSMO roles.
How to determine which DC has the Domain Naming Master role.
Open the Active Directory Domain and Trusts console, right-click the name icon and then the Operations Master.
In the window that will appear you will see who DC has the Domain Naming Master role.
How to determine which DC has the Schema Master role.
Initially, you will need to register the corresponding dll. From Run or Command Prompt, type the following command.
regsvr32 schmmgmt.dll |
Then, open an MMC console (through the search or Run), and add the Active Directory Schema from the Add / Remove Snap-in menu.
Here, right click on the icon and then in Operations Masters.
In the window that will appear you will see who DC has the Schema Master role.
Determine FSMO role holders using the command line
With the netdom command, it’s very easy and quick to recognize which DCs have FSMO roles. In a Command Prompt window of a DC, type the following command.
netdom query fsmo |
Determine FSMO role holders using PowerShell
To determine the domain-specific FSMO roles for a Domain.
Get-ADDomain | Select-Object InfrastructureMaster, RIDMaster, PDCEmulator |
To determine the forest-specific FSMO roles for a Forest
Get-ADForest | Select-Object DomainNamingMaster, SchemaMaster |
Finally, to view a list of all DCs that have FSMO roles.
Get-ADDomainController -Filter * | Select-Object Name, Domain, Forest, OperationMasterRoles | Where-Object {$_.OperationMasterRoles} |
This Line : Get-ADDomainController -Filter * | Select-Object Name, Domain, Forest, OperationMasterRoles | Where-Object {$_.OperationMasterRoles}
had a few typo and should be correct to this.
Fixed the typo, thanks Jean!